• We are currently seeking an Application Security Engineer to join our rapidly growing Security team
• The Application Security team is responsible for emulating real-world adversaries to proactively discover, exploit, and help remediate critical security vulnerabilities across our applications
• We provide an essential adversarial perspective, challenging our defences and partnering with development teams to eliminate flaws before they can be abused
• This role is for someone who is passionate about building innovative solutions and being exposed to new challenges and technologies while making an impact
• Write, review, debug, and implement tools to help developers avoid security flaws
• Build partnerships with development teams and advise on security best practices
• Contribute to collective developer education by driving security awareness and knowledge amongst the product organization
• Provide detailed guidance and support to teams in vulnerability remediation, and develop frameworks, guidelines, and systematic fixes for recurring vulnerabilities
• Resolve issues, navigate ambiguity, and maintain positive working relationships with researchers in our Bug Bounty program
• Identify and implement tools for automated application scanning, static analysis and related tools
• Perform penetration testing, and offensive campaigns against internal assets
• Perform reactive incident response and forensics when a security event occurs
• Perform proactive research to detect new attack vectors
• Elevate and educate our security culture within Clio, contributing to our cultural values

Benefits

• Company equity
• 401k
• $500 contribution when you become a parent and/or guardian
• RRSP-matching
• Pension plans
• 4-week minimum vacation
• Work from home when you need to (role-specific)
• Parental leave options for moms and dads
• Customizable extended health benefits (including $2000 per year to spend on counseling)
• Wellness programs including an onsite naturopath physiotherapist, and RMT (location-dependent), healthy snacks, and exercise classes- This role is for someone who is passionate about building innovative solutions and being exposed to new challenges and technologies while making an impact
• Experience with log aggregation and SIEM technologies
• Strong proficiency in at least one major programming language (e.g., Python, .NET, JavaScript)
• Expertise with common application security tools and platforms (e.g., Burp Suite, SAST, SCA)
• Demonstrate a keen interest in improving your craft by using AI
• Ability to identify malicious behaviour and emerging threats via log analysis
• Experience in Application Security, with a strong focus on offensive security and penetration testing
• Experience securing applications in modern cloud environments (AWS, Azure, or GCP)
• Proven ability to lead and conduct formal threat modeling sessions
• Hands-on expertise identifying and exploiting complex vulnerabilities (e.g., SSRF, Deserialization, logic bypasses)
• Security certifications such as OSCP or OSWE
• Active participation in the security community (e.g., presenting at conferences, contributing to open-source tools)
• Experience with Ruby on Rails, Puppet, Kubernetes, Terraform, ELK (Elastic, Logtash and Kibana)
• Strong AWS security experience on EC2 and managed services